Cybercriminals are currently spamvertising millions of emails impersonating Discover, in an attempt to trick cardholders into clicking on the client-side exploits serving URLs found in the malicious emails. Upon clicking on the links, users are exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit.

Responding to the same IP (183.180.134.217) are also the following malicious domains part of the campaign’s infrastructure:rovo.plitracrions.plradiovaweonearch.comunitmusiceditior.comnewtimedescriptor.comsteamedboasting.infosolla.atvotela.netpuzzledbased.netstempare.netquestionscharges.netbootingbluray.net